How Encryption Works

The secure session is established using a protocol called Secure Sockets Layer (SSL) Encryption. This protocol requires the exchange of what are called public and private keys.

Keys are random numbers chosen for that session and are only known between your browser and our server. Once keys are exchanged, your browser will use the numbers to scramble (encrypt) the messages sent between your browser and our server.

Both sides require the keys because they need to descramble (decrypt) messages received. The SSL protocol assures privacy, but also ensures no other website can "impersonate" your financial institution's website, nor alter information sent.

To learn whether your browser is in secure mode, look for the secured lock symbol at the bottom of your browser window.

Encryption Level

The numbers used as encryption keys are similar to combination locks. The strength of encryption is based on the number of possible combinations a lock can have. The more possible combinations, the less likely someone could guess the combination to decrypt the message.

For your protection, our servers require the browser to connect at 128-bit encryption (versus the less-secure 40-bit encryption). Users will be unable to access online banking functions at lesser encryption levels. This may require some end users to upgrade their browser to the stronger encryption level.

To determine if your browser supports 128-bit encryption:

Click "Help" in the toolbar of your Internet browser

Click on "About [browser name]"

A pop-up box or window will appear.

For Internet Explorer: next to "Cipher strength" you should see "128-bit"

If your browser does not support 128-bit encryption, you must upgrade to continue to access the website's secure pages.
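The server-side requirement described above can be checked in code. The following is an added example, not the bank's own configuration: it builds a server context with Python's standard `ssl` module (the modern successor to SSL is TLS), lists any enabled cipher suite below 128 bits, and checks the strength of a negotiated session. The function names, the cipher string, and the sample session tuples are assumptions made for illustration.

```python
import ssl

MIN_BITS = 128  # the minimum strength the page says the servers require


def weak_ciphers(ctx, min_bits=MIN_BITS):
    """Names of cipher suites enabled in ctx whose strength is below min_bits."""
    return sorted(
        c["name"] for c in ctx.get_ciphers() if c["strength_bits"] < min_bits
    )


def hardened_server_context():
    """Server context that offers no NULL, anonymous or 3DES suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL cipher string: strong suites only, with explicit exclusions.
    ctx.set_ciphers("HIGH:!aNULL:!eNULL:!3DES")
    return ctx


def session_ok(cipher_tuple, min_bits=MIN_BITS):
    """Check a negotiated session.

    cipher_tuple has the shape SSLSocket.cipher() returns:
    (cipher name, protocol version, secret bits), or None if no session.
    """
    return cipher_tuple is not None and cipher_tuple[2] >= min_bits


if __name__ == "__main__":
    ctx = hardened_server_context()
    print("suites offered:", len(ctx.get_ciphers()))
    print("below 128-bit:", weak_ciphers(ctx))
    # Constructed sample sessions: a 128-bit suite and a 40-bit export suite.
    for sample in [("AES128-SHA", "TLSv1.2", 128), ("EXP-RC4-MD5", "SSLv3", 40)]:
        print(sample[0], "accepted" if session_ok(sample) else "refused")
```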

Trusteer Rapport

Trusteer Rapport is lightweight security software that protects your online banking communication from being stolen by criminals. Trusteer Rapport is highly recommended by your bank as an additional layer of security to any anti-virus or security software you already use. By protecting your internet connection and creating a tunnel for safe communication with your bank's online website, Trusteer Rapport blocks malicious attempts to steal money from your account.

What's at Stake?

In 2011, the FBI identified twenty incidents of attempted fraud totaling $20 million wherein online banking credentials of small to medium-sized US businesses were compromised and used to initiate wire transfers to Chinese economic and trade companies. According to estimates, cybercrooks are stealing as much as $1 billion a year from SMBs in the U.S. and Europe.

Corporate bank accounts are sensitive targets and are increasingly being attacked by fraudsters. One of the biggest risks is actually the computer used to bank with. Criminals use two sophisticated attacks to access online accounts using your computer.

Malicious software (or malware) - automatically and silently downloaded onto the computer when browsing the Internet, malware silently captures login information and transfers it to criminals as log-in is performed, and can also silently change the transactions executed.

Phishing - criminals build fake websites that look very similar to your bank's website to lure you into visiting them and submitting your online banking log-in information which is later used to access your account.

Trusteer Rapport - Dedicated Online Banking Security

Trusteer Rapport adds real value on top of your current security software. Trusteer Rapport locks down the browser to prevent malicious browser tampering designed to fool victims into surrendering personal information or approving fraudulent transactions.

Anti-virus solutions take days, sometimes even weeks, to detect new financial malware variants and remove them. However, fraud occurs hours after a new malware variant is released. So when your anti-virus provider eventually cleans your computer of the malware, it is already too late to prevent fraud from occurring.

Trusteer Rapport protects your computer and mitigates financial malware infections. It also communicates with your bank and allows them to take immediate action against changes in threat.

Can Two Factor Authentication and Tokens Protect You?

Two Factor Authentication is ineffective because malware can easily take over already authenticated sessions. Transactions can then be injected into these sessions or, if already being executed, changed to a different recipient or amount. Two Factor Authentication is effective against phishing attacks.

Tokens and other devices are ineffective because they can easily be bypassed. Malware can use such devices to generate passwords of their own, steal generated passwords and then access the session or enter already authenticated sessions.

Trusted by Hundreds of Banks and Tens of Millions of Customers

Trusteer protects hundreds of millions of online banking sessions around the world. Gartner recently placed Trusteer as "Leader" in their Magic Quadrant for Web Fraud Detection. Other awards Trusteer has won include OTA's Excellence in Consumer Protection, Red Herring 100, SC Magazine's Best Secure Transaction Solution, and Fraud Prevention Product of the Year by Frost and Sullivan.

Easy to Use

Downloadable in seconds, Trusteer Rapport is desktop software that works in the background and doesn't call for a change in user behavior — you can bank and use the internet as usual.

Firefox and Safari browsers and DI

Firefox and Safari - Encryption levels

Both browsers recently designated as supported for use with DI products, Firefox 1.0 and Safari 1.2, use strong 128-bit encryption when accessing secure sites, to ensure safe and secure transmittal of private data such as account and payment information.

Firefox and Safari - How end users can determine which levels of encryption they have

Firefox - In Firefox, this option is not visible until connected to a site. Negotiation occurs between the client browser and the server at run-time. To view the encryption level being used while connected to a specific secure site, you can do the following:

Click the 'Tools' menu

Select 'Page Info'

Click the 'Security' tab

Or: double-click the yellow 'lock' icon in the lower right corner of the screen while connected to a secure site.

Safari - The Safari browser displays a 'lock' icon at the top right corner of the browser window when you're viewing a secure (https://) site. This symbol is absent when viewing an unsecured (http://) site. Safari can use both 40-bit and 128-bit "strong" encryption; the website determines which level of encryption is used at a given time.

Other browsers that support 128-bit encryption also may work.

Mobile Device Security Tips & Best Practices

Read the permissions requested by every application before installing and verify the legitimacy of the publisher

Perform regular backups of data stored on Android devices

Protect devices with a password

Don't view or share personal information over a public Wi-Fi network

Remember: R Bank does not support mobile applications for token generation

Authorization

It is important to verify that only authorized persons log into online banking. This is achieved by verifying your password. When you submit your password, it is compared with the password we have stored in our secure data center.

We allow you to enter your password incorrectly a limited number of times; too many incorrect passwords will result in the locking of your online banking account until you call us to reinitialize the account. We monitor and record "bad-login" attempts to detect any suspicious activity (i.e. someone trying to guess your password).

You play a crucial role in preventing others from logging on to your account. Never use easy-to-guess passwords. Examples:

Birth dates

First names

Pet names

Addresses

Phone numbers

Social Security numbers

Never reveal your password to another person. You should periodically change your password in the User Option screen of online banking.
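The lockout and bad-login recording described in this section, sketched as an added example (not the bank's own code). The class and function names, the threshold of 5, the sample account and the source addresses are all assumptions, and the example stores a salted PBKDF2 key rather than the password itself.

```python
import hashlib
import hmac
import os

MAX_BAD_LOGINS = 5  # assumed value; the page only says "a limited number of times"


class LoginGuard:
    """Hypothetical login check with lockout and bad-login recording."""

    def __init__(self):
        self.users = {}          # user -> (salt, derived key); no plaintext stored
        self.bad_count = {}      # user -> consecutive bad logins
        self.locked = set()      # users locked until reinitialized
        self.bad_login_log = []  # (user, source) records kept for monitoring

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, self._derive(password, salt))

    def login(self, user, password, source):
        if user in self.locked:
            return "locked"  # even the correct password is refused now
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        # Constant-time comparison of derived keys, not of raw passwords.
        if hmac.compare_digest(self._derive(password, salt), stored):
            self.bad_count[user] = 0
            return "ok"
        self.bad_login_log.append((user, source))
        self.bad_count[user] = self.bad_count.get(user, 0) + 1
        if self.bad_count[user] >= MAX_BAD_LOGINS:
            self.locked.add(user)
            return "locked"
        return "denied"

    def reinitialize(self, user):
        """Manual unlock, standing in for the customer's call to the bank."""
        self.locked.discard(user)
        self.bad_count[user] = 0


def demo():
    guard = LoginGuard()
    guard.enroll("alice", "correct horse")  # constructed sample account
    guesses = ["1970-01-01", "alice", "rex", "12 Main St", "555-0100"]
    results = [guard.login("alice", g, "203.0.113.7") for g in guesses]
    results.append(guard.login("alice", "correct horse", "198.51.100.2"))
    return guard, results
```

The five guesses mirror the easy-to-guess categories listed above; after the fifth, the account stays locked even for the correct password until `reinitialize` is called.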

Network Security

The network architecture used to provide the online banking service was designed by the brightest minds in network technology. The architecture is too complex to explain here, but it is important to convey that the computers storing your actual account information are not linked directly to the Internet.

Transactions initiated through the Internet are received by our online banking Web servers

These servers route your transaction through firewall servers

Firewall servers act as a traffic cop between segments of our online banking network used to store information, and the public Internet.

This configuration isolates the publicly accessible Web servers from data stored on our online banking servers and ensures only authorized requests are processed.

Various access control mechanisms, including intrusion detection and anti-virus, monitor for and protect our systems from potential malicious activity. Additionally, our online banking servers are fault-tolerant, and provide for uninterruptible access, even in the event of various types of failures.

Security Features

We provide a number of additional security features in online banking. For example, online banking will "timeout" after a specified period of inactivity. This prevents curious persons from continuing your online banking session if you left your PC unattended without logging out. You may set the timeout period in online banking's User Options screen. We recommend that you always sign off (log out) when done banking online.

Example Citations:
Phishing is the term coined by hackers who imitate legitimate companies in email messages to entice people to share passwords or credit-card numbers. Recent victims include Bank of America, Best Buy and eBay, where people were directed to Web pages that looked nearly identical to the companies' sites.

What is 'Spoofing'?

Pretending to be something it is not, whether an email, website, etc.

How to report 'Phishing' or 'Spoofing'

We suggest reporting "phishing" or "spoofed" emails to the following groups:

Forward the email to the "abuse" email address at the company that is being spoofed (e.g. "spoof@ebay.com")

When forwarding spoofed messages, always include the entire original email with its original header information intact

Notify the Internet Fraud Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov

Recommended actions if you've become a victim of phishing or other identity theft scam

If you have given out your credit or debit or ATM card information:

Report the incident to the card issuer as quickly as possible

Many companies have toll-free numbers and 24-hour service to deal with such emergencies

Cancel your account and open a new one

Review your billing statements carefully after the loss

If the statements show any unauthorized charges, it's best to send a letter to the card issuer via regular mail (keep a copy for yourself) describing each questionable charge

Credit Card Loss or Fraudulent Charges

Your maximum liability under federal law for unauthorized use of your credit card is $50 (many financial services companies have different policies so be sure to check with each of them). If the loss involves your credit card number, but not the card itself, you have no liability for unauthorized use; in general, you may only be liable for a very small amount but always check with your individual card company for their exact policy.

ATM or Debit Card Loss or Fraudulent Transfers

Your liability under federal law for unauthorized use of your ATM or debit card depends on how quickly you report the loss.

You risk unlimited loss if you fail to report an unauthorized transfer within 60 days after your bank statement containing unauthorized use is mailed to you.

If you have given out your bank account information

Report the theft of this information to the bank as quickly as possible

Cancel your account and open a new one

If you have downloaded a virus or 'Trojan Horse'

Some phishing attacks use viruses and/or 'Trojan Horses' to install programs called "key loggers" on your computer. These programs capture and send out any information that you type to the phisher, including credit card numbers, usernames and passwords, Social Security Numbers, etc.

If this happens, it's likely you may not be aware of it.

To minimize this risk, you should:

Install and/or update anti-virus and personal firewall software

Update all virus definitions and run a full scan

If your system appears to have been compromised, fix it and then change your password again, since you may well have transmitted the new one to the hacker

Check your other accounts! The fraudsters may have helped themselves to many different accounts: eBay account, PayPal, your email ISP, online bank accounts, online trading accounts, and other e-commerce accounts, and everything else for which you use an online password.

If you have given out your personal identification information

Identity theft occurs when someone uses your personal information such as your name, Social Security number, credit card number or other identifying information, without your permission to commit fraud or other crimes. If you have given out this kind of information to a phisher, you should do the following:

Report the theft to the three major credit reporting agencies, Experian, Equifax and TransUnion Corporation, and do the following:

Request that they place a fraud alert and a victim's statement in your file

Request a FREE copy of your credit report to check whether any accounts were opened without your consent

Request that the agencies remove inquiries and/or fraudulent accounts stemming from the theft

The Internet Fraud Complaint Center (IFCC) is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C), with a mission to address fraud committed over the Internet.

For victims of Internet fraud, IFCC provides a convenient and easy-to-use reporting mechanism that alerts authorities of a suspected criminal or civil violation.

Document the names and phone numbers of everyone you speak to regarding the incident. Follow up your phone calls with letters. Keep copies of all correspondence.